ModSecurity
Learn how having ModSecurity allowed inside your hosting account could help silently with your website protection.
ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its performance and in case it identifies an intrusion attempt, it prevents it. The firewall also maintains a more thorough log for the traffic than any web server does, so you will manage to keep an eye on what is going on with your Internet sites much better than if you rely merely on standard logs. ModSecurity works with security rules based on which it stops attacks. For example, it identifies if someone is trying to log in to the administrator area of a particular script several times or if a request is sent to execute a file with a specific command. In such circumstances these attempts trigger the corresponding rules and the firewall program hinders the attempts instantly, after that records detailed information about them in its logs. ModSecurity is one of the very best software firewalls out there and it can easily protect your web applications against thousands of threats and vulnerabilities, especially in case you don’t update them or their plugins regularly.
-
ModSecurity in Website Hosting
ModSecurity is provided with all
website hosting servers, so if you choose to host your Internet sites with our business, they'll be shielded from a wide array of attacks. The firewall is enabled by default for all domains and subdomains, so there will be nothing you will have to do on your end. You will be able to stop ModSecurity for any website if required, or to activate a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You'll be able to view specific logs from your Hepsia CP including the IP address where the attack originated from, what the attacker planned to do and how ModSecurity addressed the threat. As we take the protection of our clients' websites very seriously, we employ a set of commercial rules which we take from one of the leading companies which maintain this sort of rules. Our administrators also add custom rules to ensure that your Internet sites will be protected against as many threats as possible.
-
ModSecurity in Semi-dedicated Hosting
We've incorporated ModSecurity by default in all
semi-dedicated hosting products, so your web applications shall be protected the instant you install them under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts will allow you to switch on or disable the firewall for any website with a mouse click. You shall also have the ability to turn on a passive detection mode with which ModSecurity will keep a log of potential attacks without really stopping them. The comprehensive logs include things like the nature of the attack and what ModSecurity response this attack caused, where it originated from, and so forth. The list of rules which we employ is frequently updated in order to match any new risks that could appear on the Internet and it comes with both commercial rules that we get from a security corporation and custom-written ones which our admins include if they discover a threat that is not present within the commercial list yet.
-
ModSecurity in VPS Hosting
Protection is vital to us, so we install ModSecurity on all
virtual private servers that are set up with the Hepsia Control Panel as a standard. The firewall could be managed through a dedicated section in Hepsia and is activated automatically when you include a new domain or create a subdomain, so you'll not have to do anything personally. You shall also be able to deactivate it or switch on the so-called detection mode, so it shall keep a log of potential attacks that you can later study, but won't block them. The logs in both passive and active modes offer info about the kind of the attack and how it was stopped, what IP it came from and other important information that might help you to tighten the security of your Internet sites by updating them or blocking IPs, for example. On top of the commercial rules we get for ModSecurity from a third-party security company, we also employ our own rules as once in a while we detect specific attacks which are not yet present in the commercial group. This way, we could increase the protection of your VPS immediately instead of awaiting a certified update.
-
ModSecurity in Dedicated Web Hosting
If you opt to host your sites on a
dedicated server with the Hepsia Control Panel, your web programs will be secured immediately because ModSecurity is available with all Hepsia-based solutions. You'll be able to manage the firewall effortlessly and if necessary, you'll be able to turn it off or activate its passive mode when it shall only maintain a log of what's occurring without taking any action to stop possible attacks. The logs that you will find within the same section of the Control Panel are really detailed and contain information about the attacker IP, what site and file were attacked and in what ways, what rule the firewall employed to stop the intrusion, etc. This data shall enable you to take measures and increase the security of your sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones that our staff include whenever they recognize attacks that haven't yet been included in the commercial pack.